Shaun Walker
@ -235,18 +235,24 @@ namespace Oqtane.Extensions
|
|||||||
ClaimsIdentity identity = new ClaimsIdentity(Constants.AuthenticationScheme);
|
ClaimsIdentity identity = new ClaimsIdentity(Constants.AuthenticationScheme);
|
||||||
// use identity.Label as a temporary location to store validation status information
|
// use identity.Label as a temporary location to store validation status information
|
||||||
|
|
||||||
if (EmailValid(email, httpContext.GetSiteSettings().GetValue("ExternalLogin:DomainFilter", "")))
|
|
||||||
{
|
|
||||||
var _identityUserManager = httpContext.RequestServices.GetRequiredService<UserManager<IdentityUser>>();
|
|
||||||
var _users = httpContext.RequestServices.GetRequiredService<IUserRepository>();
|
|
||||||
var _userRoles = httpContext.RequestServices.GetRequiredService<IUserRoleRepository>();
|
|
||||||
var alias = httpContext.GetAlias();
|
|
||||||
var providerType = httpContext.GetSiteSettings().GetValue("ExternalLogin:ProviderType", "");
|
var providerType = httpContext.GetSiteSettings().GetValue("ExternalLogin:ProviderType", "");
|
||||||
var providerName = httpContext.GetSiteSettings().GetValue("ExternalLogin:ProviderName", "");
|
var providerName = httpContext.GetSiteSettings().GetValue("ExternalLogin:ProviderName", "");
|
||||||
|
var alias = httpContext.GetAlias();
|
||||||
|
var _users = httpContext.RequestServices.GetRequiredService<IUserRepository>();
|
||||||
User user = null;
|
User user = null;
|
||||||
|
|
||||||
|
// verify if external user is already registerd for this site
|
||||||
|
var _identityUserManager = httpContext.RequestServices.GetRequiredService<UserManager<IdentityUser>>();
|
||||||
|
var identityuser = await _identityUserManager.FindByLoginAsync(providerType + ":" + alias.SiteId.ToString(), id);
|
||||||
|
if (identityuser != null)
|
||||||
|
{
|
||||||
|
user = _users.GetUser(identityuser.UserName);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if (EmailValid(email, httpContext.GetSiteSettings().GetValue("ExternalLogin:DomainFilter", "")))
|
||||||
|
{
|
||||||
bool duplicates = false;
|
bool duplicates = false;
|
||||||
IdentityUser identityuser = null;
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
identityuser = await _identityUserManager.FindByEmailAsync(email);
|
identityuser = await _identityUserManager.FindByEmailAsync(email);
|
||||||
@ -294,7 +300,7 @@ namespace Oqtane.Extensions
|
|||||||
_notifications.AddNotification(notification);
|
_notifications.AddNotification(notification);
|
||||||
|
|
||||||
// add user login
|
// add user login
|
||||||
await _identityUserManager.AddLoginAsync(identityuser, new UserLoginInfo(providerType, id, ""));
|
await _identityUserManager.AddLoginAsync(identityuser, new UserLoginInfo(providerType + ":" + alias.SiteId.ToString(), id, providerName));
|
||||||
|
|
||||||
_logger.Log(user.SiteId, LogLevel.Information, "ExternalLogin", Enums.LogFunction.Create, "User Added {User}", user);
|
_logger.Log(user.SiteId, LogLevel.Information, "ExternalLogin", Enums.LogFunction.Create, "User Added {User}", user);
|
||||||
}
|
}
|
||||||
@ -321,20 +327,7 @@ namespace Oqtane.Extensions
|
|||||||
{
|
{
|
||||||
var logins = await _identityUserManager.GetLoginsAsync(identityuser);
|
var logins = await _identityUserManager.GetLoginsAsync(identityuser);
|
||||||
var login = logins.FirstOrDefault(item => item.LoginProvider == (providerType + ":" + alias.SiteId.ToString()));
|
var login = logins.FirstOrDefault(item => item.LoginProvider == (providerType + ":" + alias.SiteId.ToString()));
|
||||||
if (login != null)
|
if (login == null)
|
||||||
{
|
|
||||||
if (login.ProviderKey == id)
|
|
||||||
{
|
|
||||||
user = _users.GetUser(identityuser.UserName);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
// provider keys do not match
|
|
||||||
identity.Label = ExternalLoginStatus.ProviderKeyMismatch;
|
|
||||||
_logger.Log(LogLevel.Error, "ExternalLogin", Enums.LogFunction.Security, "Provider Key Does Not Match For User {Username}. Login Denied.", identityuser.UserName);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
{
|
||||||
// new external login using existing user account - verification required
|
// new external login using existing user account - verification required
|
||||||
var _notifications = httpContext.RequestServices.GetRequiredService<INotificationRepository>();
|
var _notifications = httpContext.RequestServices.GetRequiredService<INotificationRepository>();
|
||||||
@ -345,23 +338,16 @@ namespace Oqtane.Extensions
|
|||||||
body += "In Order To Complete The Linkage Of Your User Account Please Click The Link Displayed Below:\n\n" + url + "\n\nThank You!";
|
body += "In Order To Complete The Linkage Of Your User Account Please Click The Link Displayed Below:\n\n" + url + "\n\nThank You!";
|
||||||
var notification = new Notification(alias.SiteId, email, email, "External Login Linkage", body);
|
var notification = new Notification(alias.SiteId, email, email, "External Login Linkage", body);
|
||||||
_notifications.AddNotification(notification);
|
_notifications.AddNotification(notification);
|
||||||
|
|
||||||
identity.Label = ExternalLoginStatus.VerificationRequired;
|
identity.Label = ExternalLoginStatus.VerificationRequired;
|
||||||
_logger.Log(alias.SiteId, LogLevel.Information, "ExternalLogin", Enums.LogFunction.Create, "External Login Linkage Verification For Provider {Provider} Sent To {Email}", providerName, email);
|
_logger.Log(alias.SiteId, LogLevel.Information, "ExternalLogin", Enums.LogFunction.Create, "External Login Linkage Verification For Provider {Provider} Sent To {Email}", providerName, email);
|
||||||
}
|
}
|
||||||
}
|
else
|
||||||
|
|
||||||
// manage user
|
|
||||||
if (user != null)
|
|
||||||
{
|
{
|
||||||
// create claims identity
|
// provider keys do not match
|
||||||
identity = UserSecurity.CreateClaimsIdentity(alias, user, _userRoles.GetUserRoles(user.UserId, user.SiteId).ToList());
|
identity.Label = ExternalLoginStatus.ProviderKeyMismatch;
|
||||||
identity.Label = ExternalLoginStatus.Success;
|
_logger.Log(LogLevel.Error, "ExternalLogin", Enums.LogFunction.Security, "Provider Key Does Not Match For User {Username}. Login Denied.", identityuser.UserName);
|
||||||
|
}
|
||||||
// update user
|
|
||||||
user.LastLoginOn = DateTime.UtcNow;
|
|
||||||
user.LastIPAddress = httpContext.Connection.RemoteIpAddress.ToString();
|
|
||||||
_users.UpdateUser(user);
|
|
||||||
_logger.Log(LogLevel.Information, "ExternalLogin", Enums.LogFunction.Security, "External User Login Successful For {Username} Using Provider {Provider}", user.Username, providerName);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else // email invalid
|
else // email invalid
|
||||||
@ -376,6 +362,23 @@ namespace Oqtane.Extensions
|
|||||||
_logger.Log(LogLevel.Error, "ExternalLogin", Enums.LogFunction.Security, "Provider Did Not Return An Email To Uniquely Identify The User.");
|
_logger.Log(LogLevel.Error, "ExternalLogin", Enums.LogFunction.Security, "Provider Did Not Return An Email To Uniquely Identify The User.");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// manage user
|
||||||
|
if (user != null)
|
||||||
|
{
|
||||||
|
// create claims identity
|
||||||
|
var _userRoles = httpContext.RequestServices.GetRequiredService<IUserRoleRepository>();
|
||||||
|
identity = UserSecurity.CreateClaimsIdentity(alias, user, _userRoles.GetUserRoles(user.UserId, user.SiteId).ToList());
|
||||||
|
identity.Label = ExternalLoginStatus.Success;
|
||||||
|
|
||||||
|
// update user
|
||||||
|
user.LastLoginOn = DateTime.UtcNow;
|
||||||
|
user.LastIPAddress = httpContext.Connection.RemoteIpAddress.ToString();
|
||||||
|
_users.UpdateUser(user);
|
||||||
|
_logger.Log(LogLevel.Information, "ExternalLogin", Enums.LogFunction.Security, "External User Login Successful For {Username} Using Provider {Provider}", user.Username, providerName);
|
||||||
|
}
|
||||||
|
|
||||||
return identity;
|
return identity;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user